CAPEC

Common Attack Pattern Enumeration and Classification

A Community Knowledge Resource for Building Secure Software

CAPEC Standard Abstraction Attack Pattern List (Release 1.1)

This view (slice) covers standard abstraction attack patterns.

Accessing, Modifying or Executing Executable Files - (17)
Accessing Functionality Not Properly Constrained by ACLs - (1)
Argument Injection - (6)
Block Access to Libraries - (96)
Cause Web Server Misclassification - (11)
Choosing a Message/Channel Identifier on a Public/Multicast Channel - (12)
Command Delimiters - (15)
Cross Site Request Forgery (aka Session Riding) - (62)
Cryptanalysis - (97)
Embedding Scripts in Nonscript Elements - (18)
Embedding Scripts within Scripts - (19)
Encryption Brute Forcing - (20)
Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)
Exploiting Multiple Input Interpretation Layers - (43)
File System Function Injection, Content Based - (23)
Forced Deadlock - (25)
Forced Integer Overflow - (92)
Forceful Browsing - (87)
Fuzzing - (28)
Hijacking a Privileged Thread of Execution - (30)
Inducing Account Lockout - (2)
Leverage Executable Code in Nonexecutable Files - (35)
Leveraging/Manipulating Configuration File Search Paths - (38)
Leveraging Race Conditions - (26)
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)
Lifting Data Embedded in Client Distributions - (37)
Log Injection-Tampering-Forging - (93)
Man in the Middle Attack - (94)
Manipulating Input to File System Calls - (76)
Manipulating Opaque Client-based Data Tokens - (39)
Manipulating User-Controlled Variables - (77)
Manipulating User State - (74)
Manipulating Writeable Configuration Files - (75)
OS Command Injection - (88)
Overflow Buffers - (100)
Passively Sniff and Capture Application Code Bound for Authorized Client - (65)
Password Brute Forcing - (49)
Password Recovery Exploitation - (50)
Pharming - (89)
Phishing - (98)
Poison Web Service Registry - (51)
Probing an Application Through Targeting its Error Reporting - (54)
Rainbow Table Password Cracking - (55)
Reflection Attack in Authentication Protocol - (90)
Removing/short-circuiting 'guard logic' - (56)
Reusing Session IDs (aka Session Replay) - (60)
Server Side Include (SSI) Injection - (101)
Session Fixation - (61)
Simple Script Injection - (63)
SQL Injection - (66)
Subvert Code-signing Facilities - (68)
Subverting Environment Variable Values - (13)
Target Programs with Elevated Privileges - (69)
URL Encoding - (72)
User-Controlled Filename - (73)
Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)
Web Logs Tampering - (81)
XML Parser Attack - (99)
 
Page Last Updated: April 18, 2008